CVE-2022-31700

Vulnerability

CVE-2022-31700 is an authenticated remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager. The advisory [1] indicates it affects Workspace ONE Access and Identity Manager versions prior to the updates released on 2022-12-13. The vulnerability allows an attacker with valid credentials to execute arbitrary code on the affected system.

Exploitation

To exploit this vulnerability, an attacker must first obtain valid authentication credentials for the VMware Workspace ONE Access or Identity Manager service. With authenticated access, the attacker can send specially crafted requests to the affected system to trigger remote code execution [1]. No user interaction is required beyond the initial authentication step.

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary code on the vulnerable VMware Workspace ONE Access or Identity Manager server. This could lead to full compromise of the affected system, including data disclosure, modification, or denial of service, depending on the attacker's goals [1]. The CVSSv3 base score of 7.2 reflects the potential for significant impact.

Mitigation

VMware released security updates for Workspace ONE Access and Identity Manager to address CVE-2022-31700 as of December 13, 2022 [1]. Users should apply the latest updates from the vendor's advisory. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at the time of writing.